Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039)
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libpoppler-glib8-0.43.0-16.28.1
libpoppler-qt4-4-0.43.0-16.28.1
libpoppler60-0.43.0-16.28.1
poppler-tools-0.43.0-16.28.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libpoppler-glib8-0.43.0-16.28.1
libpoppler-qt4-4-0.43.0-16.28.1
libpoppler60-0.43.0-16.28.1
poppler-tools-0.43.0-16.28.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libpoppler-cpp0-0.43.0-16.28.1
libpoppler-devel-0.43.0-16.28.1
libpoppler-glib-devel-0.43.0-16.28.1
libpoppler-qt4-devel-0.43.0-16.28.1
typelib-1_0-Poppler-0_18-0.43.0-16.28.1
Ссылки
- Link for SUSE-SU-2023:3399-1
- E-Mail link for SUSE-SU-2023:3399-1
- SUSE Security Ratings
- SUSE Bug 1150039
- SUSE CVE CVE-2019-16115 page
Описание
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.28.1
SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.28.1
SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.28.1
SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.28.1
Ссылки
- CVE-2019-16115
- SUSE Bug 1150039
- SUSE Bug 1225040